CVE-2025-21886
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 27/03/2025
Last modified: 29/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Fix implicit ODP hang on parent deregistration

Fix the destroy_unused_implicit_child_mr() to prevent hanging during
parent deregistration as of below [1].

Upon entering destroy_unused_implicit_child_mr(), the reference count
for the implicit MR parent is incremented using:
refcount_inc_not_zero().

A corresponding decrement must be performed if
free_implicit_child_mr_work() is not called.

The code has been updated to properly manage the reference count that
was incremented.

[1]
INFO: task python3:2157 blocked for more than 120 seconds.
Not tainted 6.12.0-rc7+ #1633
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:python3 state:D stack:0 pid:2157 tgid:2157 ppid:1685 flags:0x00000000
Call Trace:

__schedule+0x420/0xd30
schedule+0x47/0x130
__mlx5_ib_dereg_mr+0x379/0x5d0 [mlx5_ib]
? __pfx_autoremove_wake_function+0x10/0x10
ib_dereg_mr_user+0x5f/0x120 [ib_core]
? lock_release+0xc6/0x280
destroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]
uverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]
uobj_destroy+0x3f/0x70 [ib_uverbs]
ib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]
? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]
? lock_acquire+0xc1/0x2f0
? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]
? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]
? lock_release+0xc6/0x280
ib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]
? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]
__x64_sys_ioctl+0x1b0/0xa70
? kmem_cache_free+0x221/0x400
do_syscall_64+0x6b/0x140
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f20f21f017b
RSP: 002b:00007ffcfc4a77c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffcfc4a78d8 RCX: 00007f20f21f017b
RDX: 00007ffcfc4a78c0 RSI: 00000000c0181b01 RDI: 0000000000000003
RBP: 00007ffcfc4a78a0 R08: 000056147d125190 R09: 00007f20f1f14c60
R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcfc4a7890
R13: 000000000000001c R14: 000056147d100fc0 R15: 00007f20e365c9d0
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.12.13 (including) | 6.12.18 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13.2 (including) | 6.13.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:* | | |